Wednesday 1 August 2012

Apple security update ditches Snow Leopard, Windows users

Last week, Apple released the latest version of its Safari Web browser, patching more than 100 vulnerabilities. But if you're running an older version of Mac OS X or any version of Windows, you're in for some harsh luck.

Safari 6 is available only for the brand-new OS X 10.8 Mountain Lion and its predecessor, OS X 10.7 Lion, which itself is barely a year old.

Users of Mac OS X 10.6 Snow Leopard, which as of June was running on nearly 40 percent of all Macs, apparently won't be getting the upgrade.

As for Safari for Windows, Apple has removed all traces of it from its website.

A request to Apple for comment was not immediately returned.

"The latest version of Safari is available in Mountain Lion," states text at the very bottom of the official Safari page. "The latest version of Safari for Lion is available through Software Update."

[ How Far Behind Is Apple's Security? ]

Age discrimination
That seems unfair, at best, to security researcher Joshua Long, who used Sophos' Naked Security blog to take Apple to task.

"There's no warning in either the browser itself or Apple Software Update on either [Windows or Snow Leopard] that Safari likely won't be updated," Long wrote. "Users have no way of knowing that their browser has at least 121 unpatched vulnerabilities and is no longer safe to use."

According to Apple's own documentation regarding the security updates, almost all those vulnerabilities expose users to attack by maliciously crafted Web pages, to which users of Snow Leopard and Mac OS X 10.5 Leopard would presumably also be susceptible.

Instead, Apple's leaving them out in the cold. That's bad, considering how deeply Safari is embedded into the OS X operating system compared to third-party browsers like Google Chrome or Mozilla Firefox.

Yet Long shouldn't be surprised. Apple's unstated policy is to support only two OS X versions at a time: the current version, and the one just before that.

Now that Mountain Lion has been released, it would make sense, at least on Apple's terms, that the company is supporting only that and 10.7 Lion.

As for Safari for Windows, it has a very small user base and never got above 1 percent of Windows users. (iTunes for Windows is still supported.)

Even many Mac users don't use Safari, according to NetMarketShare.com, which shows that the market share of Mac OS X is substantially higher than the market share of Safari on all desktops and laptops.

Pattern of neglect?
A few months ago, the Flashback Trojan was whipping through the Mac user base, largely because Apple had neglected to update its Java build in a timely manner. Apple finally released Java patches ? but only for Lion and Snow Leopard.

Leopard users were left unpatched for six more weeks until enough anger built up online. Then Apple patched 10.5 as well.

To draw a contrast, Microsoft will be supporting Windows XP until April 2014, when that platform will be more than 12 years old.

To Apple's credit, its software is cheap: Full installations of Mountain Lion cost $20.

Any Mac less than five years old will be able to run Lion or Mountain Lion, though to get a Lion installation you might have to call Apple or go to an Apple retail store. There's no more Lion download link on the Apple site ? it's been "disappeared" along with Safari for Windows.

Apple may want to push its user base into upgrading to new software and new machines. But it shouldn't have to jeopardize the security of its older customers to do so.

? 2012 SecurityNewsDaily. All rights reserved

Source: http://www.msnbc.msn.com/id/48425652/ns/technology_and_science-security/

baltimore ravens atlanta falcons ryan tannehill cispa pittsburgh steelers detroit lions seattle seahawks

No comments:

Post a Comment